Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Majority of Critical Infrastructure Firms in Americas Have Battled Hack Attempts: Survey

Cyber-attacks against critical infrastructure companies have long since moved out of the realm of science fiction and into reality, and a new report from Trend Micro and the Organization of the American States (OAS) shows just how much.

Cyber-attacks against critical infrastructure companies have long since moved out of the realm of science fiction and into reality, and a new report from Trend Micro and the Organization of the American States (OAS) shows just how much.

In a new survey, the challenges those organizations are facing today are laid bare. Forty percent of 575 security leaders polled said they had dealt with attempts to shut down their computer networks. Forty-four percent said they had faced attempts by attackers to delete files, while 60 percent have had attackers try to steal their information. Perhaps even more ominous is the fact that 54 percent had dealt with attempts to manipulate their organization’s equipment through a control network or system.

“This research should serve as a wake-up-call that critical infrastructures have become a prime target for cybercriminals,” said Tom Kellermann, chief cybersecurity officer at Trend Micro, in a statement. “These groups have escalated their attacks by leveraging destructive campaigns against the infrastructures of the Western Hemisphere.”

The respondents came from organizations throughout the Americas. In the U.S., the “ICS-CERT Monitor” newsletter for the period between September 2014 and February 2015 stated that a total of 245 cyber-security incidents were reported to ICS-CERT during fiscal year 2014. According to the report, the energy and critical manufacturing sectors were impacted the most.

In the OAS/Trend Micro survey, 53 percent of those surveyed said they have noticed an increase in incidents affecting their networks in the past year. The primary attack was phishing, which was noted by 71 percent. DDoS (42 percent) and SQL injection (32 percent) were commonly reported as well. Just 18 percent reported being targeted by advanced persistent threats (APTs).

“A major challenge today is the sophistication of attacks (76% say they are getting more sophisticated) which are difficult to detect,” according to the report. “With almost a third of the respondents falling into this category, it is apparent that continuous monitoring controls are a needed requirement within most organizations to improve their visibility across their networks of attacker presence.”

The good news is that more than half of those surveyed said they have disaster recovery (54 percent) and incident response (52 percent) plans in place. The bad news – 52 percent said their budget for cyber-security did not increase during the past year. Most organizations said they trust the government to advance a cyber-security agenda to protect critical infrastructure companies, and they are willing work with them.

“Since critical infrastructure affects everyone within a region, Public-Private Partnerships (PPPs) are key in properly managing the threat associated with threat actors looking to compromise these systems,” the report noted. “With only 1 in 5 (21%) respondents stating an active dialogue there is a high level of improvement to be done to effectively deal with the threat.”

Advertisement. Scroll to continue reading.

“Governments in the Americas and around the world must recognize the serious vulnerabilities inherent to critical infrastructure and the potential for grave consequences if not properly secured,” said Neil Klopfenstein, executive secretary of the OAS Inter-American Committee against Terrorism (CICTE), in a statement. “From electrical grids and water treatment plants, to oil exploration fossil fuel supplies and transportation, these systems are vital to virtually every element of society. This report reinforces a need to continue strengthening protection of critical infrastructures in our member states, while collaborating and sharing information so as to collectively address these issues and foster a secure and resilient cyber space for government, businesses and citizens in the region.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...